Cybersecurity


/web/img/field/image/sec_0.jpg

News Brief

Cybersecurity firm Intrusion to settle SEC fraud claims

2023-09-28T17:45:00+01:00By

Texas-based cybersecurity company Intrusion was charged with fraud by the Securities and Exchange Commission regarding alleged materially false and misleading statements made by its former chief executive.

California skyline

Premium

California cybersecurity audit rule scope begins taking shape at CPPA meeting

2023-09-12T12:41:00+01:00By

A final version of California’s cybersecurity audit rules likely won’t be released until later next year at the earliest, according to a rough timeline discussed by the California Privacy Protection Agency.

Ransomware

Premium

Paying ransom to avoid GDPR fine an unwise gambit

2023-09-07T13:21:00+01:00By

Companies that think paying reduced ransomware demands would be a better move than informing regulators of a data breach and facing enforcement are playing with fire, according to experts.

verizon_web

News Brief

Verizon unit to pay $4.1M in cybersecurity false claims case

2023-09-06T20:46:00+01:00By

Verizon Business Network Services agreed to pay approximately $4.1 million to settle allegations levied by the Department of Justice regarding false claims caused by failure to fully implement cybersecurity controls required of a government contractor.

Cyber

Premium

Preparing for SEC cybersecurity rules an opportunity for collaboration

2023-08-25T13:40:00+01:00By

Businesses can prepare for the Securities and Exchange Commission’s upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance.

Cyber locks

Premium

Cyber expert: Reach for data security to achieve compliance

2023-08-23T20:17:00+01:00By

Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.

halock 300x200

Webcast

CPE Webcast: Five deliverables every cybersecurity team needs to survive, thrive and comply with the new SEC Cybersecurity Rule

2023-08-15T14:00:00+01:00Provided by HALOCK Security Labs

In today’s fast-paced business world, firms must adapt to the ever-changing mobile compliance and technology landscape to stay competitive.

New York cyber-security

News Brief

N.Y. cyber strategy puts pressure on banks, energy sector

2023-08-10T14:50:00+01:00By

New York will closely monitor the cybersecurity protections in place at institutions in the financial and energy sectors as part of its first statewide cybersecurity strategy.

OCT24

Webcast

Oct 24 | Unprepared for SEC cyber disclosures? You can get through this

2023-08-04T20:47:00+01:00Provided by HALOCK Security Labs

Learn what cybersecurity strategy, governance, and risk management are and how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.

Covington

Premium

Covington mulling appeal of ruling in SEC breached client case

2023-08-04T18:01:00+01:00By

Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.

Federal Reserve

News Brief

Fed report highlights emerging cyber threats, including generative AI

2023-08-04T17:15:00+01:00By

The Federal Reserve listed the proliferation of generative artificial intelligence tools among areas of emerging cybersecurity threats for banks to monitor as part of its annual resilience report.

Cyber-security

Premium

Risks, opportunities under SEC’s cyber incident disclosure rule

2023-08-02T19:57:00+01:00By

The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.

Microsoft

News Brief

​Senator pushes for probe into Microsoft’s ‘negligent cybersecurity practices’

2023-07-31T18:43:00+01:00By

Sen. Ron Wyden (D-Ore.) is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played part in a Chinese hacking campaign that targeted U.S. government email addresses.

/web/img/field/image/sec_0.jpg

News Brief

SEC adopts rule requiring cyber incident disclosures within four days

2023-07-26T16:30:00+01:00By

The Securities and Exchange Commission finalized its controversial rule requiring public companies to disclose the nature, scope, timing, and impact of cybersecurity incidents deemed to be material within four business days.

Cyber

Premium

IBM report: Data breach costs at all-time high; AI helping detection

2023-07-25T20:47:00+01:00By

The global average cost of a data breach reached a new all-time high of $4.45 million in 2023, according to IBM’s annual report.

Google building

News Brief

Tech giants, White House agree to AI risk management guidelines

2023-07-21T15:29:00+01:00By

Technology companies including Google, Meta, and OpenAI agreed to a series of voluntary commitments they’ll make regarding their management of risks when developing artificial intelligence systems.

White House

Premium

Biden cyber strategy plan calls for big businesses to step up

2023-07-20T18:37:00+01:00By

The “biggest, most capable, and best-positioned” businesses must assume a greater share of mitigating cyber risks, the White House said in announcing the National Cybersecurity Strategy Implementation Plan.

Business success

Premium

Survey: Investment adviser compliance ramps up testing on advertising, marketing

2023-07-13T17:55:00+01:00By

The most popular mock exams conducted by compliance professionals at investment adviser firms this year have been on the Securities and Exchange Commission’s advertising/marketing rule, according to a new poll.

AI risks

Premium

Experts: Ways to stay ahead of generative AI risks

2023-07-06T15:33:00+01:00By

Not all companies can rely on bans or restrictions to employee use of generative artificial intelligence like ChatGPT. Instead of telling people what they can’t do, focus on what they can do.

CFTC

News Brief

CFTC assembles task forces to combat cyber and tech issues, ESG fraud

2023-06-30T16:15:00+01:00By

The Enforcement Division of the Commodity Futures Trading Commission announced it established two new task forces to combat cyberattacks and misuse of technology and environmental fraud.

Computer hacked

Premium

Growing list of MOVEit hack victims shows damage control difficulties

2023-06-30T15:28:00+01:00By

More than 130 organizations are believed to have been impacted by the MOVEit hack, with millions of people’s data at risk. Experts opine on the struggles businesses face in containing exposure.

Gurbir Grewal

Premium

SEC’s Grewal spotlights enforcement focus on cyber disclosures

2023-06-29T21:32:00+01:00By

The No. 1 priority at the Securities and Exchange Commission after organizations are impacted by a cybersecurity incident is that investors receive timely and accurate disclosures, according to Enforcement Division Director Gurbir Grewal.

Medibank

News Brief

APRA pressures Medibank on cyber enhancements post-breach

2023-06-28T13:18:00+01:00By

The Australian Prudential and Regulation Authority will require Medibank Private to hold 250 million Australian dollars (U.S. $166 million) in extra capital until the insurer remediates identified cybersecurity weaknesses after a significant data breach.

Cybercrime

Article

MOVEit ransomware attack shows sophistication of cybercriminals

2023-06-28T00:06:00+01:00By Paul Dwyer, for International Compliance Association

In an era marked by an increase in digital threats, it’s vital to understand how sophisticated cybercriminal syndicates like Clop can impact the financial sector.

Cybersecurity offices

Premium

NAVEX report: Driven by cyber threats, infosec compliance top of mind

2023-06-22T21:15:00+01:00By

Compliance teams are taking more responsibility for issues related to information security and data privacy, motivated by increasing threats posed by data breaches and cyber intrusions, according to a new survey from NAVEX.

Cybersecurity

Premium

CFTC commissioner crafting potential proposed rule on cyber resiliency

2023-06-21T21:45:00+01:00By

The Commodity Futures Trading Commission’s Technology Advisory Committee sponsored by Commissioner Christy Goldsmith Romero is crafting potential rulemaking to establish cyber resiliency baselines among swap dealers and futures commission merchants.

FCC

News Brief

​FCC forms consumer data privacy task force

2023-06-16T14:19:00+01:00By

The Federal Communications Commission announced the launch of a new task force to coordinate privacy and data protection efforts at the agency, which oversees a telecommunications industry often targeted by cybercriminals.

File transfer hack

Premium

Shades of SolarWinds in lessons from MOVEit hack

2023-06-14T17:50:00+01:00By

A ransomware attack affecting some of the U.K.’s largest corporations has highlighted once again how exposed organizations can be if the levels of cybersecurity used by their third parties are not as strong as expected.

SEC

News Brief

SEC spring 2023 regulatory agenda: 37 rules in final stage

2023-06-14T15:50:00+01:00By

The rest of the year is shaping up to be busy at the Securities and Exchange Commission, where final rules regarding climate-related disclosures, enhanced cybersecurity risk governance, and more are all on the near-term agenda.

Hacker

Premium

Verizon report: Lion’s share of data breaches linked to organized crime

2023-06-08T20:06:00+01:00By

About 83 percent of data breaches are perpetrated by external bad actors and not employees, with 70 percent of those breaches linked to organized crime groups with financial motives, according to the latest research.

Bank risk

Premium

KPMG report: Bank supervision, cyber among reg focus areas for rest of year

2023-06-07T19:54:00+01:00By

A new report by KPMG on key regulatory challenges for the second half of 2023 warned financial institutions to prepare for increased scrutiny, while all companies should expect more questions on how they oversee their cybersecurity and data management programs.

Amazon Alexa

News Brief

FTC orders Amazon pay $30M for alleged Alexa, Ring privacy violations

2023-06-01T20:34:00+01:00By

Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.

Auditboard thumbnail

Resource

e-Book: New audit risk landscape: ESG, cyber, more

2023-05-31T01:27:00+01:00Provided by

As companies face sustainability reporting challenges, accounting and audit firms are fielding increased requests for assistance, along with demands from investors and regulatory bodies for assurance on disclosures.

OneMain Financial

News Brief

OneMain Financial fined $4.25M in NYDFS cybersecurity case

2023-05-25T17:16:00+01:00By

Mortgage servicer OneMain Financial Group will pay $4.25 million to settle allegations it left customer information vulnerable to cyberattacks by failing to implement required controls under New York’s cybersecurity law.

FacialRecognition

News Brief

FTC warns businesses to risk assess uses of biometric technologies

2023-05-19T17:02:00+01:00By

Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.

Uber

News Brief

Ex-Uber security chief avoids prison in obstruction case

2023-05-05T17:31:00+01:00By

The former chief security officer of Uber Technologies was sentenced to probation by a federal court judge as punishment for his involvement in covering up a 2016 data breach that affected 57 million users.

SEC office

News Brief

SEC risk alert flags branch office cybersecurity controls

2023-04-27T18:43:00+01:00By

The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.

HHS

News Brief

HHS teases policy changes stemming from cyber resiliency analysis

2023-04-17T19:57:00+01:00By

Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.

chatgpt_web

Premium

How to avoid pitfalls of scaling business with generative AI

2023-04-11T19:10:00+01:00By

Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.

Treasury Department

News Brief

Treasury: DeFi services vulnerable to AML/CFT, cybersecurity risks

2023-04-07T16:14:00+01:00By

A new U.S. Treasury report concluded that decentralized finance services are being used by bad actors to launder the proceeds of illegal activity, aided by crypto platforms weak or non-existent in anti-money laundering and sanctions compliance programs.

mitratech300x200

Webcast

CPE Webcast: Cyber risk management through an economic lens

2023-04-04T11:00:00+01:00Provided by

How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints, and few-to-no monitoring of third-party risks?

TikTok

News Brief

TikTok CEO to boast data security efforts in Congress testimony

2023-03-22T16:55:00+00:00By

The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.

cisa_web

News Brief

CISA pilot program seeks to bolster ransomware preparedness

2023-03-15T19:54:00+00:00By

The Cybersecurity and Infrastructure Security Agency announced a pilot program designed to help critical infrastructure entities vulnerable to cyberattacks mitigate a ransomware incident before it occurs.

SEChq

News Brief

​SEC proposes Reg S-P updates on incident response, breach notifications

2023-03-15T17:45:00+00:00By

The Securities and Exchange Commission proposed amendments to its regulation requiring broker-dealers, investment companies, and registered investment advisers to establish policies and procedures to safeguard customer records and information.

DOJ building

News Brief

​Web hosting company fined in DOJ cyber fraud case

2023-03-15T15:38:00+00:00By

Web hosting company Jelly Bean Communications Design and its manager agreed to pay $293,771 in the latest Department of Justice case holding government contractors accountable for poor cybersecurity practices.

Blackbaud

News Brief

SEC orders Blackbaud to pay $3M for misleading ransomware disclosures

2023-03-10T19:32:00+00:00By

Software company Blackbaud agreed to pay $3 million to the Securities and Exchange Commission to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.

HHS building

News Brief

HHS creates new enforcement office for health privacy

2023-02-28T20:20:00+00:00By

The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.

Congress

Premium

Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023

2023-02-28T14:00:00+00:00By

As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?

Cloud data

Premium

Cloud ‘not a silver bullet’ for security

2023-02-24T21:33:00+00:00By

A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.

United States cyber

Premium

‘This is where we are now’: Cyber environment calls for continuous monitoring

2023-02-24T20:10:00+00:00By

Securing your organization’s private data when vendors have access to it means managing relationships from beginning to end, panelists at CW’s virtual Cyber Risk and Data Privacy Summit agreed.